Skip to main content

Umbrella Module for Cisco Secure Client - Command Line installation and RMM reference

Zeke
  • Updated
  • min read

Purpose

 

This article will serve as a guide for anyone who wants to automate installation of the Umbrella module for Cisco Secure Client. It provides the context and commands that can be used to build your own scripts for automating the deployment of Cisco Secure Client.

 

Upgrades and migration

 

For customers migrating from older Cisco AnyConnect or Umbrella Roaming Client, it is not mandatory to remove the old software prior to upgrade.  The old Umbrella software will be detected and automatically removed during installation.

It is imperative to ensure that any automated installation tasks for AnyConnect or Umbrella Roaming Client are disabled to prevent re-installation of the older software.

 

Components and approach

 

Whether you are installing from the GUI or any other method, a successful installation requires the following:

  • Installation of Cisco Secure Client 
  • Installation of the Umbrella Module
  • Umbrella Profile (OrgInfo.plist on Mac and OrgInfo.json on Windows)
  • Installation of DART Diagnostic Tool (Recommended)

Cisco provides precise documentation on how to build the commands to install this. For full documentation on this, see the pre-deployment guide below:

Predeploying Cisco Secure Client Modules as Standalone Applications

 

Profile Installation

 

A key consideration when deploying Umbrella is installation of your unique organization profile (OrgInfo.json).  This profile uniquely identifies your Umbrella organization and allows the client to register with the Umbrella cloud.  You can download this from your dashboard by browsing to Deployments > Core Identities > Roaming Computers > Roaming Client then clicking on Download on top right corner and selecting Download Module Profile.

This step is mandatory for the Umbrella module to operate.

If you choose to copy the profile to the endpoint it should be deployed to the following locations programmatically:

  C:\ProgramData\Cisco\Cisco Secure Client\Umbrella\OrgInfo.json (Windows)
  /opt/cisco/secureclient/umbrella/OrgInfo.json (OSX)

 

 

Command line examples - Windows

 

The following commands demonstrate how to deploy the Secure Client, Umbrella, and DART modules on Windows via command-line or automation software.

  • Replace <version> with the version number of the downloaded MSI file
  • Replace <log_file_name> with the path and file name for the log file.
msiexec /package cisco-secure-client-win-<version>-core-vpn-predeploy-k9.msi /norestart /passive PRE_DEPLOY_DISABLE_VPN=1 /lvx* <log_file_name>

msiexec /package cisco-secure-client-win-<version>-umbrella-predeploy-k9.msi /norestart /passive /lvx* <log_file_name>

msiexec /package cisco-secure-client-win-<version>-dart-predeploy-k9.msi /norestart /passive /lvx* <log_file_name>

The above commands will disable the Secure Client VPN functionality entirely using the PRE_DEPLOY_DISABLE_VPN=1 switch - which is a common configuration.  Please note that the core VPN module must still be installed but the VPN itself is entirely disabled.

 

IMPORTANTFor the Umbrlela module to operate you must have deployed the OrgInfo.json file before or after installation as described in 'Profile Installation'. 

 

Optional Arguments

 

There are several optional switches that can be used when installing the Cisco Secure Client and Umbrella Module. Here are some of the most useful:

Installer Optional Argument Purpose
cisco-secure-client-win-<version>-core-vpn-predeploy-k9.msi PRE_DEPLOY_DISABLE_VPN=1 The core module includes the VPN capability, even if it is not used. This tells the system to hide the inactive VPN module. This can also be done after installation by following the steps listed here.
cisco-secure-client-win-<version>-umbrella-predeploy-k9.msi LOCKDOWN=1 This prevents the Umbrella service from being disabled manually. More information can be found here.
Any module ARPSYSTEMCOMPONENT=1 This will prevent the module from being displayed in the Add/Remove Programs Dialog. 

 

macOS installations

 

For more information on installation and customization on macOS, see the following page: 

Command line and customization

 

Directory Structure

 

The directory locations have changed with Cisco Secure Client.

 

Cisco Secure Client Directories

Windows

Executable

C:\Program Files (x86)\Cisco\Cisco Secure Client

Umbrella Directory

C:\ProgramData\Cisco\Cisco Secure Client\Umbrella\

macOS

Executable

/Applications/Cisco/Cisco Secure Client.app

Umbrella Directory

/opt/cisco/secureclient/Umbrella/

 

For deployment references for some popular RMM product, please review https://docs.umbrella.com/deployment-umbrella/docs/additional-references

 

 

 

 

 

 

 

 

 

Was this article helpful?

5 out of 15 found this helpful
Have more questions? Submit a request

Related articles